Be the first to know about our latest articles!

Subscribe
  1. Blog
  2. Access Control Technologies
6/8/2018

HID iClass SE Reader: a look inside

In this post, we will be taking apart a card reader – notably the HID iClass SE reader (if your physical security guys spent any money):

  • Bunch of glue, epoxy and sand
  • A PCB board with an antenna

ok… so really what are the details.

How we opened the iClass SE reader and what’s inside specifically

Since we don’t use our reader anymore (we switched to our own Kisi solution) we went into the machine shop and dissected the reader.

In previous posts we only looked at how HID cards are hacked and Wiegand protocol hacking, but never really at the reader itself.

Since so many people use the iClass SE reader we thought a little reader hacking might be interesting for everyone.

The original mastermind behind the RFID hacks is Jonathan Westhues, here’s what made him famous in 2006. Considering that these reader manufacturers keep using pretty much the same things since then, your office readers might be the same standard (or even lower):

“In 2006, Westhues was hired by California State Senator Joe Simitian to illustrate the ease with which state lawmakers’ RFID-based ID cards could be read and cloned. He successfully read and cloned the ID card of California State Assembly member Fran Pavley, who remarked, “All that was done within a moment’s notice of time without me even being aware of it.”

Either way- The model we used is an iClass SE R40 from 2011 made in the Philippines – 920NTNTEKE0000. Admittedly this has been done before – check the Proxmark forum for details. But the images there were only focussing on components, not on general design of the iClass SE reader.

iClass SE reader inside

How we opened the iClass SE reader

Since the board is epoxied into the reader housing front, we used a regular steel cut saw to cut of the top slightly under the edge of the front:

How we opened the reader

Back of the iClass SE reader board

When we opened the reader we realized there was a lot of dust and seems like the PCB is mounted on top of some concrete powder. The reason for this could be to amplify the antenna which is mounted on the PCB. The back was black epoxy which however did not go underneath the PCB where the important components are arranged.

PBC

Front of the iClass SE reader board

The front of the reader showed a nice NXP chip which is the RFID component: PR600HL/C1, kS012171y, C3P004.00, SW4452.1. I couldn’t really dig it up on DigiKey or other electronics suppliers, most likely already too old. Should it then still be on the wall?

The front was filled with hardened foam and sand, most likely to make it heavier and not feel like a bunch of condensators and resistors (which it unfortunately is by the way).

Reader Antenna and Components

To me looking at this picture the most interesting thing is the antenna: It goes all the way around the board to maximize the coverage of the antenna and readability of the cards at any point of the reader. It’s also interesting that the antenna is normally a coil of wire, HID decided to maximize the antenna by using 2 flat copper lines which most likely have more impact than round coils.

A great product! Production cost should be around $12. If you’d make a list with low tech in the office, it would most likely be in close competition with the coffee machine or the light sensor.

Interested in understanding more about access control? Take a look at our full review of HID readers and access systems or discover the benefits or remote cloud access control here.
Brought to you by Kisi, a technology driven physical access solution powered by mobile, cloud and IoT.
Submit content idea

Get featured on the blog and tell us your unique story.

Access Your Office the Modern Way

Discover how we provide secure access to hundreds of fast-growing companies like yours

Kisi Reader

Download the Access Control Guide

Get Expert Advice on Security and IoT

Free access to our best guides, industry insights and more

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

Get notified of new articles

46,885 marketers are already subscribed to Kisi's blog. Leave your email to get your weekly newsletter.

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Access Control Technologies
Guides